Bug#422936: CVE-2007-2437: Xrender extension allows remote DoS
Package: xorg-server
Severity: important
Hi,

CVE-2007-2437 came out recently, and its description reads:

  The X render (Xrender) extension in X.org X Window System 7.0, 7.1,
  and 7.2, with Xserver 1.3.0 and earlier, allows remote authenticated
  users to cause a denial of service (daemon crash) via crafted values
  to the (1) XRenderCompositeTrapezoids and (2) XRenderAddTraps
  functions, which trigger a divide-by-zero error.

More information can be found here:

http://xforce.iss.net/xforce/xfdb/33976
http://www.rapid7.com/advisories/R7-0027.jsp
http://www.securitytracker.com/id?1017984

According to the information referenced there, the solution is to
"Upgrade to the latest version of X.Org Server (7.2 with Xserver 1.3.1
or later), available from the X.Org Foundation Web site".

Please include the CVE reference in any changelogs that reference this
issue.

Thanks!
Micah
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.18-4-vserver-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash